WildFly 11 Final is here

WildFly 11 is now available for download. Read on to find out more about its features and how to take advantage of them.

WildFly 11 highlights

Elytron

One of our favorite highlights of WildFly 11 is “the unification on a new common security framework across the full application server.” Jason Greene, the lead of the WildFly application server project explained in a blog post announcing the availability of WildFly 11 Final that there were previously two separate security infrastructures (picketbox and security-realms) and each covered separate use cases, and largely operated independently.

Other capabilities of Elytron include privilege propagation across multiple service invocations, identity switching, pre-request TLS verification, and rich security policies. Last but not least, it improves the overall extensibility of the system allowing for tight integration with SSO / IDP systems such as KeyCloak, Greene added.

You should know that even though there’s a new security infrastructure introduced by WildFly 11, the current security-domain and security-realm configurations and APIs are still here — they are internally mapped to Elytron. “WildFly 11’s default configurations still use the legacy security-domains and security-realms,” according to Greene. “A subsequent release will convert the default configurations over to the new configuration model.”

If you want to know more about Elytron, have a look at the documentation.

JNDI and EJB invocation — simplified and enhanced

JNDI and EJB invocation have been simplified and enhanced. Furthermore, there’s a new naming client library, WildFly Naming Client, which allows users to easily configure access to WildFly with minimal properties and configuration.

Users can access EJBs (and other resources) either in a dynamic discovery mode or in a new point to point mode that locks all EJB proxies to a specified address. You should also know that the user identity can now be changed in-between requests thanks to the new Elytron authentication infrastructure.

Graceful Shutdown/Startup Improvements

The graceful shutdown mechanism is handling distributed transactions. Although existing transactions will allow local operations to continue, new in-flowed transactions will be rejected. There’s also a new EJB parameter which allows for additional remote calls to occur against an established/active remote transaction, Greene explained.

Users can also start the server directly in suspended mode, for staging changes; it’s now part of the default start sequence where the server enters suspend first, and then resumes after all services have launched. Therefore, new requests are not accepted during the brief window of the server starting.

The list of highlights doesn’t end here though — don’t forget to read Greene’s blog post.

One final remark: Starting with WildFly 12, they are planning to move to a faster, more incremental release model. That’s something to look forward to.